Cert-manager service for increased security

Cloudera AI requires a wildcard certificate to support Cloudera AI workloads.

When workloads such as sessions, jobs, applications, and models are created, Cloudera AI generates random, unique subdomains. As these subdomains are not deterministic, a wildcard certificate is necessary to manage them effectively.

To address concerns about using wildcard certificates, Cloudera AI leverages the open-source service cert-manager. This approach enables you to use an automatic certificate signing service, known as 'issuer.' Cloudera AI then relies on the cert-manager service to request certificates from your managed automatic signing service, ensuring a more secure and streamlined process.

A custom revocation service is in place to automatically revoke certificates for terminated workloads.